Unix Tip #4572- September 17, 2013


SEARCH : Home : Help : Today's Tip

MONITORING ROOT IN THE PASSWORD FILE


One of the popularly known method of breaking into a Unix host
is by inserting a uid value 0 in the /etc/passwd file which could
be done in many ways including backdoors for later accesses .

The script below displays warning messages on the console if
such changes a detacted. Simply place the script in the crontab
and run as frequent as you wish.

------------------------------CUT HERE-----------------------------------------

for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) print $1}' /etc/passwd`
do
cat << the_end >/dev/console

+----------------------------------------------------------------
|
| `date "+Detacted On Date :%D Time :%r"`
| Break-in ALERT! Login ID `echo ${id}` has uid 0
|
+----------------------------------------------------------------

the_end
done
------------------------------CUT HERE-----------------------------------------



NOTE: All tips provided are USE AT YOUR OWN RISK. Tips are submitted by various unix admins around the globe. UGU suggest you read and test each tip in a non-volitile environment before placing into production.


LAST 5 TIPS
4571 - CREATE YOUR OWN GROUP ALIASES
4570 - KILL X
4569 - ALTERNATIVE TO CP
4568 - -------- REMOVE THE DASHES
4567 - SEPARATE SHELL COMMAND HISTORY FILES


I want to SUBSCRIBE and get a UGU Tip everyday.
I want to UNSUBSCRIBE and NOT get a UGU Tip everyday.

If you have a UNIX TIP let us know, we just may use it:
(All tips become the property of the Unix Guru Universe)
Email Address:

Yes, email me a Hot Unix Tip everday.

Enter Hot Unix Tip (optional):

Yes, I will support this tip

Captcha (not case sensitive):


Please enter the above letters:


HOME | Flavors | Admin | Network | Security | S/W | Help | Events | Vendors | Careers | Internet
About | Add Link | Feedback | Search

Copyright © 1994-2005 Unix Guru Universe